TrueNorth Mail

Privacy Policy

Last updated: January 2025

1. Introduction

TrueNorth Technology ("we", "our", or "us") operates TrueNorth Mail. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data responsibly.

2. Our Privacy Commitment

Unlike traditional email providers, we believe your email should remain private:

  • No email scanning for ads: We never scan your emails to serve advertisements
  • No data selling: We never sell your personal information to third parties
  • Encryption: Your sensitive data is encrypted at rest and in transit
  • Data minimization: We only collect what we need to provide the Service

3. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Organization name (if applicable)
  • Payment information (processed securely by Stripe)

Email Data

To provide email services, we store:

  • Email messages (content, attachments, metadata)
  • Contact information from your emails
  • Email labels and organization data

Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Feature usage statistics
  • Error reports and performance data

4. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Send and receive emails on your behalf
  • Power AI features (with your email content, processed securely)
  • Process payments and manage subscriptions
  • Send service notifications and updates
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

5. AI Features and Your Data

Our AI features (semantic search, email composition assistance, smart replies) process your email content. Important points:

  • AI processing uses third-party services (OpenAI) with strict data processing agreements
  • We do not use your emails to train AI models
  • AI-processed content is not stored beyond the immediate request
  • You can disable AI features at any time in settings

6. Data Storage and Security

We take security seriously:

  • Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Infrastructure: Hosted on AWS with SOC 2 compliance
  • Access control: Strict employee access policies
  • Backups: Regular encrypted backups with point-in-time recovery

7. Data Sharing

We share your information only in these circumstances:

  • Service providers: AWS (hosting), Stripe (payments), Clerk (authentication), OpenAI (AI features) - all bound by data processing agreements
  • Legal requirements: When required by law or to protect rights and safety
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • With your consent: When you explicitly authorize sharing

We never sell your personal information to advertisers or data brokers.

8. Data Retention

We retain your data as follows:

  • Email data: Until you delete it or close your account
  • Account data: For the duration of your account plus 30 days after deletion
  • Billing records: As required by law (typically 7 years)
  • Logs: 90 days for operational logs, 1 year for security logs

9. Your Rights

Depending on your location, you may have these rights:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Export your data in a standard format
  • Objection: Object to certain processing activities
  • Restriction: Limit how we use your data

To exercise these rights, contact us at privacy@truenorth.email

10. International Data Transfers

Your data may be transferred to and processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • User preferences

We do not use tracking cookies for advertising. We may use analytics to improve the Service, but this data is anonymized.

13. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, request deletion, and opt-out of sales. We do not sell personal information. To exercise your CCPA rights, contact us at the email below.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the GDPR including access, rectification, erasure, and data portability. Our legal basis for processing is contract performance and legitimate interests. You may lodge a complaint with your local data protection authority.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice in the Service. Your continued use after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

privacy@truenorth.email